RSAC 2019: The Greatest Adversary to Election Security: Social Media

How do we fight against misinformation in the arena of public opinion?

During a session on election security at RSAC 2019, a panel of tech and legal panelists were unanimous in naming their chief concern amongst a multitude of potential threats and attack vectors: foreign influence through social media.

Robert Martin, Senior Principal Engineer at the MITRE Corporation, opened the session with an overview of the larger parts of the election ecosystem: voter registration, the districting of voters, declaring candidacies, campaigning, and the voting systems themselves. These usually get the most attention in any conversation concerning security measures against election fraud. Then the 2016 U.S. Presidential Election happened, and the conversation shifted. Influence through social media went from something the Department of Justice suspected to something it could prove.

Kay Stimson, VP, Government Affairs, Dominion Voting Systems, talked through various voting system vulnerabilities. Everything from electricity and telecommunications to the software and hardware used on election day can be attack targets. Though improvements to the policies and governance of voting systems can and are being argued, Stimson cautioned that the focus cannot be on voting systems alone. Swaying public perceptions through social media misinformation can alter the outcome of an election before voters even reach the ballot boxes – and thus must be prioritized.

Serge Jorgensen, Founding Partner/CTO, Sylint Group warned that, "There are controls in place to catch tech errors. Controls don't exist yet when it comes to misinformation. If I can convince you to pull a particular lever, then all of the other security measures don't mean anything."

The Justice Dept is trying to understand the attack vectors that exist. The common misconception is that the size of an election will protect it – the bigger it is, the more secure it is. But when it comes to election security, just a few weak links can compromise the outcome of an election.

There are controls in place to catch tech errors. Controls don't exist yet when it comes to misinformation.

Lucy Thompson, Attorney, Livingston PLC, presented some staggering numbers: the stakeholders of elections are comprised of 9,000 U.S. jurisdictions who administer elections, with around 175,000 precincts. The ballot equipment and processes implemented for election days are determined locally by these stakeholders. When it comes to the larger election ecosystem, the panel agreed that shared learning from coordinated information is critical. These jurisdictions need to talk to each other and share what does and doesn't work.

Developing the capacity to respond to major incidents and attacks is a priority, especially going into the 2020 U.S. presidential election. Jorgensen interjected saying the challenges, from a tech perspective, can come from the very policies intended to protect elections. Enhancing cyber security protections within the specified amount of time prior to an election, as defined by the policies, can be impossible.

Thompson and the panel returned to the subject of foreign influence through social media, walking through several solutions currently being pursued with legislation:

U.S. Senator Mark Warner of Virginia has proposed the "Honest Ads Act" that seeks to identify those putting ads on social media.

A bill by Senators Bob Menendez and Lindsey Graham, termed the "Sanctions Bill from Hell," is being considered and is threatening stringent sanctions.

Unfortunately, the problems aren't so much with law creation as law enforcement, the panel concluded. There is a wealth of work to be done before the next U.S. presidential election, and the panel encourages us all – in the tech industry, in the legal channels, in law enforcement, and in our own backyards – to be vigilant and ready to fight for an honest outcome to the 2020 presidential election. "What keeps me up at night," remarked Stimson, "is making sure the losing candidate has confidence in the election results."

Symantec’s Nico Popp takes a look at the future of cloud security for unmanaged devices

The problems women face in tech have been discussed enough – it's time for action

About the Author

Rebecca Donaldson

Symantec Cyber Security Staff Writer

Rebecca Donaldson is a writer and community manager for Symantec. For over ten years, she has had the privilege of publishing content that captures the guidance and information of Symantec experts, customers, and partners.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.